
SIP Security Issues : The SIP Authentication Procedure and its Processing Load Speaker: Lin-Yi Wu Advisor : Prof. Yi-Bing Lin Date : 2003/04/09.




1 SIP Security Issues: The SIP Authentication Procedure and its Processing Load
Speaker: Lin-Yi Wu
Advisor: Prof. Yi-Bing Lin
Date: 2003/04/09

2 Main Reference
- Salsano, S.; Veltri, L.; Papalilo, D., "SIP security issues: the SIP authentication procedure and its processing load", IEEE Network, Volume 16, Issue 6, Nov/Dec 2002
- J. Rosenberg et al., "SIP: Session Initiation Protocol", IETF RFC 3261, June 2002

3 Outline
- Motivation
- Classification of security
  - End-to-End
  - Hop-by-Hop
- Security Support in SIP
  - Authentication
  - Encryption
- Evaluation of Processing Cost
- Proposed solution
  - Requirements
  - Limitation of current SIP security mechanism
  - Design concept

4 Motivation
- Achieve the same security level as in the PSTN
- High service availability
  - Prevent DoS, intrusion detection, fault tolerance, etc.
- Protection of user-to-network and user-to-user traffic
  - Authentication
  - Data Integrity
  - Encryption

5 Classification of security mechanisms
- End-to-End mechanism
  - Secure association between the caller and callee user agents
  - Protects any confidential information other than routing information
- Hop-by-Hop mechanism
  - Secure association between two successive SIP entities in the path
  - Protects routing information

6 Security Support in SIP
- End-to-End mechanism: defined in the SIP protocol itself
  - Authentication: Proxy-Authenticate, Proxy-Authorization, WWW-Authenticate, Authorization
  - Encryption: S/MIME
- Hop-by-Hop mechanism: relies on network-level or transport-level security
  - IPsec
  - TLS

7 Evaluation of Authentication Processing Cost

8 Analysis: SIP Authentication Requirements
- Requirements
  - Authentication
    - Mutual Authentication
    - Key Distribution
    - Roaming agreement
  - Integrity
  - Cipher Key exchange
  - Prevention of replay attack
- Limitation of the current Authentication mechanism
  - Authentication
    - Mutual Authentication: NO
    - Key Distribution: predefined secret
    - Roaming agreement: NO
  - Integrity: achieved by S/MIME
  - Cipher Key exchange: NO
  - Prevention of replay attack: achieved by nonce
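As an added illustration (not from the slides or the Salsano et al. paper) of the scheme this slide summarises, the following Python shows a minimal RFC 2617-style Digest exchange as SIP carries it in WWW-Authenticate/Authorization, with single-use nonces on the challenging side; it makes the slide's two limitations visible in code: the secret is pre-shared, and only the client is authenticated. The user name, realm and password are constructed sample values.

```python
import hashlib
import secrets

# Constructed sample: one user's pre-shared ("predefined") secret at the atlanta.com
# registrar; both sides must already hold it (the slide's key-distribution limitation).
USERS = {"alice": "example-secret"}
REALM = "atlanta.com"

def md5_hex(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()

def digest_response(username, realm, password, nonce, method, uri):
    """Digest (RFC 2617, no qop) as carried in a SIP Authorization or
    Proxy-Authorization header: MD5(HA1 ":" nonce ":" HA2)."""
    ha1 = md5_hex(f"{username}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")

class DigestServer:
    """Challenging side (registrar or proxy). Only the client is authenticated;
    the server proves nothing about itself ('Mutual Authentication: NO')."""

    def __init__(self):
        self.outstanding = set()  # nonces issued but not yet consumed

    def challenge(self) -> str:
        """Value of the WWW-Authenticate header sent in a 401 response."""
        nonce = secrets.token_hex(16)
        self.outstanding.add(nonce)
        return f'Digest realm="{REALM}", nonce="{nonce}"'

    def verify(self, username, nonce, response, method, uri) -> bool:
        """Check an Authorization header; each nonce is accepted only once."""
        if nonce not in self.outstanding or username not in USERS:
            return False
        self.outstanding.discard(nonce)  # single use defeats replay
        expected = digest_response(username, REALM, USERS[username], nonce, method, uri)
        return secrets.compare_digest(expected, response)

def run_exchange(method="REGISTER", uri="sip:atlanta.com"):
    """Valid response, replay of the same header, and a wrong secret."""
    server = DigestServer()
    nonce = server.challenge().split('nonce="')[1].rstrip('"')
    good = digest_response("alice", REALM, USERS["alice"], nonce, method, uri)
    first = server.verify("alice", nonce, good, method, uri)
    replay = server.verify("alice", nonce, good, method, uri)
    nonce2 = server.challenge().split('nonce="')[1].rstrip('"')
    wrong = digest_response("alice", REALM, "guess", nonce2, method, uri)
    wrong_ok = server.verify("alice", nonce2, wrong, method, uri)
    return {"first": first, "replay": replay, "wrong_secret": wrong_ok}
```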

9 Concept of Design: Public/Private key based Authentication
- The public key / private key of A: Pub_A / Pri_A
- The public key / private key of B: Pub_B / Pri_B
- A knows B's public key Pub_B
- B knows A's public key Pub_A

10 Concept of Design: Certificate-based authentication (1/2)
- Only the CA's public key has to be known.

11 Concept of Design: Certificate-based authentication (2/2)
- Roaming agreement



14 Concept of Design: Examine the Requirements
- Authentication
  - Mutual Authentication: YES
  - Key Distribution: based on certificate verification
  - Roaming agreement: solved by the PKI architecture
- Integrity: S/MIME
- Cipher Key exchange: can be achieved with the public key / private key system
- Prevention of replay attack: achieved by nonce
- New types of headers have to be specified.

15 The End

16 Authentication Procedure

17 S/MIME

INVITE sip:bob@biloxi.com SIP/2.0
Via: SIP/2.0/UDP pc33.atlanta.com;branch=z9hG4bKnashds8
To: Bob <sip:bob@biloxi.com>
From: Alice <sip:alice@atlanta.com>;tag=1928301774
Call-ID: a84b4c76e66710
CSeq: 314159 INVITE
Max-Forwards: 70
Contact: <sip:alice@pc33.atlanta.com>
Content-Type: application/pkcs7-mime; smime-type=enveloped-data;
    name=smime.p7m
Content-Disposition: attachment; filename=smime.p7m
    handling=required

Content-Type: application/sdp

v=0
o=alice 53655765 2353687637 IN IP4 pc33.atlanta.com
s=-
t=0 0
c=IN IP4 pc33.atlanta.com
m=audio 3456 RTP/AVP 0 1 3 99
a=rtpmap:0 PCMU/8000

18 SIP Header Privacy and Integrity using S/MIME: Tunneling SIP

INVITE sip:bob@biloxi.com SIP/2.0
Via: SIP/2.0/UDP pc33.atlanta.com;branch=z9hG4bKnashds8
To: Bob <sip:bob@biloxi.com>
From: Alice <sip:alice@atlanta.com>;tag=1928301774
Call-ID: a84b4c76e66710
CSeq: 314159 INVITE
Max-Forwards: 70
Date: Thu, 21 Feb 2002 13:02:03 GMT
Contact: <sip:alice@pc33.atlanta.com>
Content-Type: multipart/signed;
    protocol="application/pkcs7-signature";
    micalg=sha1; boundary=boundary42
Content-Length: 568

--boundary42
Content-Type: message/sip

INVITE sip:bob@biloxi.com SIP/2.0
Via: SIP/2.0/UDP pc33.atlanta.com;branch=z9hG4bKnashds8
To: Bob <sip:bob@biloxi.com>
From: Alice <sip:alice@atlanta.com>;tag=1928301774
Call-ID: a84b4c76e66710
CSeq: 314159 INVITE
Max-Forwards: 70
Date: Thu, 21 Feb 2002 13:02:03 GMT
Contact: <sip:alice@pc33.atlanta.com>
Content-Type: application/sdp
Content-Length: 147

v=0
o=UserA 2890844526 2890844526 IN IP4 here.com
s=Session SDP
c=IN IP4 pc33.atlanta.com
t=0 0
m=audio 49172 RTP/AVP 0
a=rtpmap:0 PCMU/8000

--boundary42
Content-Type: application/pkcs7-signature; name=smime.p7s
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=smime.p7s;
    handling=required

ghyHhHUujhJhjH77n8HHGTrfvbnj756tbB9HG4VQpfyF467GhIGfHfYT6
4VQpfyF467GhIGfHfYT6jH77n8HHGghyHhHUujhJh756tbB9HGTrfvbnj
n8HHGTrfvhJhjH776tbB9HG4VQbnj7567GhIGfHfYT6ghyHhHUujpfyF4
7GhIGfHfYT64VQbnj756

--boundary42--

19 SIP Header Privacy and Integrity using S/MIME: Tunneling SIP

INVITE sip:bob@biloxi.com SIP/2.0
Via: SIP/2.0/UDP pc33.atlanta.com;branch=z9hG4bKnashds8
To: Bob <sip:bob@biloxi.com>
From: Anonymous <sip:anonymous@atlanta.com>;tag=1928301774
Call-ID: a84b4c76e66710
CSeq: 314159 INVITE
Max-Forwards: 70
Date: Thu, 21 Feb 2002 13:02:03 GMT
Contact: <sip:pc33.atlanta.com>
Content-Type: multipart/signed;
    protocol="application/pkcs7-signature";
    micalg=sha1; boundary=boundary42
Content-Length: 568

--boundary42
Content-Type: application/pkcs7-mime; smime-type=enveloped-data;
    name=smime.p7m
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=smime.p7m
    handling=required
Content-Length: 231

***********************************************************
* Content-Type: message/sip                               *
*                                                         *
* INVITE sip:bob@biloxi.com SIP/2.0                       *
* Via: SIP/2.0/UDP pc33.atlanta.com;branch=z9hG4bKnashds8 *
* To: Bob <sip:bob@biloxi.com>                            *
* From: Alice <sip:alice@atlanta.com>;tag=1928301774      *
* Call-ID: a84b4c76e66710                                 *
* CSeq: 314159 INVITE                                     *
* Max-Forwards: 70                                        *
* Date: Thu, 21 Feb 2002 13:02:03 GMT                     *
* Contact: <sip:alice@pc33.atlanta.com>                   *
* Content-Type: application/sdp                           *
*                                                         *
* v=0                                                     *
* o=alice 53655765 2353687637 IN IP4 pc33.atlanta.com     *
* s=Session SDP                                           *
* t=0 0                                                   *
* c=IN IP4 pc33.atlanta.com                               *
* m=audio 3456 RTP/AVP 0 1 3 99                           *
* a=rtpmap:0 PCMU/8000                                    *
***********************************************************

20 Trusted network




